Foreman/puppet, website cert update issue

So I'm looking for some hints on how to deal with an issue related to an updated website cert. I recently updated the dev Foreman server to an "official" cert that is valid instead of a self-signed one, and all seemed well. Site worked, nodes that were built could run `puppet agent -t`, and all seemed fine... however, it seems that the Puppet reporting may be failing and causing "out of sync" messages.

I've looked at `/etc/foreman/settings.yaml` for ssl_* and websockets to try and get a hint where to tweak and also change things there to work, but I'm not entirely sure where to start.

What should be done to correct this? Should one have a separation of the keys so that web and puppet are not the same here?

The change I made was to tweak these values in the httpd configuration file for the host.

SSLCertificateFile "cert.file.name"
SSLCertificateKeyFile "key.file.name"

My initial review of the config file seemed to imply to me that I need to set the ssl_certificate and ssl_priv_key to match the above, and I did, but that still didn't seem to resolve the issue.

Any theories/suggestions? This is perhaps a Puppet issue, but I've not had any luck with Google on that front yet. The puppet agent runs clean on the client, but Foreman keeps showing sync errors.

Try checking vi /etc/puppet/foreman.yaml


On Fri, Dec 1, 2017 at 6:02 PM, Mike Wilson <uce.mikew@gmail.com> wrote:
--
You received this message because you are subscribed to the Google Groups
"Foreman users" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to foreman-users+unsubscribe@googlegroups.com.
To post to this group, send email to foreman-users@googlegroups.com.
Visit this group at https://groups.google.com/group/foreman-users.
For more options, visit https://groups.google.com/d/optout.

Preliminary post: I mean the `ssl_ca` there. Also check
`foreman_ssl_ca` in `/etc/foreman-proxy/settings.yml`

-- Ivan
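
One way to carry out the check suggested above, as an added example that is not part of the original thread: it reads `ssl_ca` from `/etc/puppet/foreman.yaml` and `foreman_ssl_ca` from `/etc/foreman-proxy/settings.yml`, then asks `openssl verify` whether that CA bundle trusts the certificate Apache now serves. It assumes those keys hold the path of the CA bundle used to verify Foreman's HTTPS certificate; the function names and the script name are made up for this sketch.

```shell
#!/bin/sh
# Added example: does the CA named in a settings file trust the certificate
# that Apache now serves? Requires the openssl CLI (1.1.0+ for -no-CApath).

# Print the value of KEY from a Foreman-style YAML file; accepts "key:" and
# ":key:" spellings, skips commented lines, strips quotes and trailing comments.
yaml_value() {  # usage: yaml_value KEY FILE
    sed -n "s/^[[:space:]]*:\{0,1\}$1:[[:space:]]*//p" "$2" |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^["'\'']//' -e 's/["'\'']$//' | head -n 1
}

# Verify CERT against the CA bundle configured under KEY in FILE.
# CHAIN (optional) is a file of intermediate certificates.
# Returns 0 = trusted, 1 = not trusted, 2 = key missing or CA file unreadable.
check_trust() {  # usage: check_trust KEY FILE CERT [CHAIN]
    ca=$(yaml_value "$1" "$2")
    if [ -z "$ca" ] || [ ! -r "$ca" ]; then
        echo "SKIP $2: $1 unset or CA file unreadable ('$ca')"
        return 2
    fi
    # -no-CApath keeps the system's default CA directory out of the decision.
    if openssl verify -no-CApath -CAfile "$ca" ${4:+-untrusted "$4"} "$3" \
        >/dev/null 2>&1; then
        echo "OK   $2: $1=$ca trusts $3"
    else
        echo "FAIL $2: $1=$ca does not trust $3"
        return 1
    fi
}

# Run as: sh check_trust.sh /path/to/served-cert.pem [intermediates.pem]
# (the certificate is whatever SSLCertificateFile points to).
if [ -n "${1:-}" ]; then
    check_trust ssl_ca /etc/puppet/foreman.yaml "$1" "${2:-}"
    check_trust foreman_ssl_ca /etc/foreman-proxy/settings.yml "$1" "${2:-}"
fi
```

A FAIL line means the component reading that file will reject the new certificate until the key points at a bundle containing the issuing CA.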


On Mon, Dec 4, 2017 at 9:21 AM, Ivan Necas <inecas@redhat.com> wrote:
Try checking vi /etc/puppet/foreman.yaml

Thanks for the advice. I had searched and updated all locations where the original cert name appeared and restarted all involved. This one was also one of those locations. Unfortunately, Puppet was still complaining. I'm wondering if I need to adjust something on the other side (not just the Foreman server?).

I'm wondering: does the remote Puppet side need some updated configuration? For what it's worth, we did go from a self-signed cert to a "wildcard" cert that matches the host/web name.